Unable to disable TLS


Debug email shell

Email configuration

Host: xxxxxxxxxxxxxx
Port: 26
Username:
Password: *********
TLS: true
Sending email from: Passbolt passbolt@xxxxxxxxx
Sending email to: ron@xxxxxxxxxxxxx

Trace
[220] xxxxxxxxxxxxxxxxx ESMTP xxxxxxxxxxxxxxxx

EHLO localhost
[250] xxxxxxxxxxxxxxxxxxxx
[250] PIPELINING
[250] SIZE 10485760
[250] VRFY
[250] ETRN
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
Could not send the test email.
Error: SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.
root@7938369eae56:/usr/share/php/passbolt# echo $EMAIL_TRANSPORT_DEFAULT_TLS
false
root@7938369eae56:/usr/share/php/passbolt#

For some reason, using the CE Docker image, I am unable to disable TLS.
Running: [3.2.0] (latest), but I noticed the same in the previous version.

Try this: EMAIL_TRANSPORT_DEFAULT_TLS seemingly ignored

Null instead of false.

Tried that, but it did not change a thing.


Debug email shell

Email configuration

Host:xxxxxxxxxxxxxxx
Port: 26
Username:
Password: *********
TLS: true
Sending email from: Passbolt passbolt@xxxxxxxxxxxx
Sending email to: ron@xxxxxxxxxxxxxx

Trace
[220] xxxxxxxxxxxxxxxxxxx ESMTP xxxxxxxxxx

EHLO localhost
[250] xxxxxxxxxxxxxxxxxx
[250] PIPELINING
[250] SIZE 10485760
[250] VRFY
[250] ETRN
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
Could not send the test email.
Error: SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.
root@af4858aece8d:/usr/share/php/passbolt# echo $EMAIL_TRANSPORT_DEFAULT_TLS
null
root@af4858aece8d:/usr/share/php/passbolt#

Where are you setting the environment variable? It seems your changes are not being respected.

Hi Garrett,

I set them in the docker-compose file; the container understands them, as you can see in the last command. If I do an echo of the environment variable, it is there, but Passbolt does not use it for the email send function.

You could try using the env files that are referenced in the stock docker-compose.yml file.

I tried that too, same result. The container understands the variable, otherwise it would not show with the echo command. The passbolt config file is missing the variable somewhere I guess.

If you look in the container’s /etc/passbolt you can find some of those config files that should use the variable.

I changed the config files but the result is the same; the send mail still shows the same error, that it tries to send mail using TLS.

If I disable TLS in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Mailer/Transport/SmtpTransport.php

It works by commenting out the part
try {
    $this->_smtpSend("EHLO {$host}", '250');
    /* if ($config['tls']) {
        $this->_smtpSend('STARTTLS', '220');
        $this->_socket()->enableCrypto('tls');
        $this->_smtpSend("EHLO {$host}", '250');
    }
    */ }

This value "$config['tls']" is probably not functioning correctly.

@R0N And it’s weird also because the default value is null, I believe. Did you try not including it at all?

Yes, same result.
The default is 'null' but the "if ($config['tls'])" is always true and therefore it always sends the STARTTLS command.

@R0N It appears that cakephp uses 'false' for default value.

This user had to change to null in the old version to make it work.

I’m not clear why it does not work with the environment variable but it must be catching that the variable is set, rather than checking it’s true.

Do other variables in /env/passbolt.env work? If not, maybe docker-compose.yml should have ./env/passbolt.env instead of env/passbolt.env.

Instead of commenting out the cakephp source code, try changing the passbolt config file line of tls from:

'tls' => env('EMAIL_TRANSPORT_DEFAULT_TLS', null),

to:

'tls' => filter_var(env('EMAIL_TRANSPORT_DEFAULT_TLS', false), FILTER_VALIDATE_BOOLEAN),

and also remove this variable from the passbolt.env file, and see if that works.
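The behaviour discussed in this thread, as an added example (not Passbolt's or CakePHP's code, and not written by any poster): it assumes the environment value reaches the config as a raw string, and `wouldStartTls` and `envBool` are hypothetical names. It compares the plain truthiness test with the `filter_var` fix and with a stricter variant that rejects unrecognised text.

```php
<?php
// Added illustration; not Passbolt or CakePHP source.
// Assumption: the variable arrives as a string, so "false" and "null"
// are non-empty strings and PHP treats them as true in an if ().

/** Mirrors the shape of the transport check quoted in the thread. */
function wouldStartTls($tls): bool
{
    return $tls ? true : false;   // same truthiness test as if ($config['tls'])
}

/**
 * Hypothetical helper: strict boolean parsing for an env-style value.
 * Unset -> $default; unrecognised text -> exception instead of a silent guess.
 */
function envBool(?string $raw, bool $default): bool
{
    if ($raw === null) {
        return $default;
    }
    $parsed = filter_var(trim($raw), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    if ($parsed === null) {
        throw new InvalidArgumentException("not a boolean: '{$raw}'");
    }
    return $parsed;
}

// Constructed sample values, as they could appear in passbolt.env or docker-compose.
$samples = ['true', 'false', 'null', '0', '1', 'off', ''];

printf("%-8s %-12s %-12s %s\n", 'value', 'raw if()', 'filter_var', 'strict');
foreach ($samples as $raw) {
    $loose = filter_var($raw, FILTER_VALIDATE_BOOLEAN);   // the fix from the thread
    try {
        $strict = var_export(envBool($raw, false), true);
    } catch (InvalidArgumentException $e) {
        $strict = 'rejected';
    }
    printf("%-8s %-12s %-12s %s\n",
        var_export($raw, true),
        var_export(wouldStartTls($raw), true),
        var_export($loose, true),
        $strict);
}
```

The strict variant matters in the other direction as well: plain `FILTER_VALIDATE_BOOLEAN` maps any unrecognised text to false, so a typo in a value meant to enable TLS would turn it off without an error.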

I made the change and that seems to do the trick.
Now it works as expected.


Thanks for the feedback, this helps. I will put in a PR to have this reviewed.

Thanks for your help, hope there is a fix in the next version :)